ChoicePoint to Pay Fine for Second Data Breach

[lyger <lyger () attrition org>]

http://www.pcworld.com/article/173902/choicepoint_to_pay_fine_for_second_data_breach.html

Data broker ChoicePoint, the victim of a 2004 data breach affecting more 
than 160,000 U.S. residents, has agreed to strengthen its data security 
efforts and pay a fine for a second breach in 2008, the U.S. Federal Trade 
Commission said Monday.

ChoicePoint, now a subsidiary of Reed Elsevier, will pay US$275,000 to 
resolve the newest FTC complaint. The FTC accused the company of failing 
to implement a comprehensive information security program to protect 
consumers' personal information, as required by the agency after the 2004 
breach.

The April 2008 breach compromised the personal data of 13,750 people, the 
FTC said in a press release. ChoicePoint turned off a "key" electronic 
security tool used to monitor access to one of its databases, and failed 
to detect that the security tool was turned off for four months, the FTC 
said.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php